General
- Target: lista de cotizaciones.xlam.exe
- Size: 984KB
- Sample: 240702-gqwlsatakm
- MD5: 3397f79c3a08077e9295c17c9b3b938c
- SHA1: 7c1cfd2b56e5f4780b561942fe1e9f62200be5cb
- SHA256: fc53ccd71a8b45f03e842e375777e017b73371d2ae6828af9fd8328f6b91c3ee
- SHA512: a651cd572e27869b1c2901aea00244a08fe7b2607422d7b97892e9ef9e86a1fcce29ad9b86904fa6bd8c30bf2e9fe97f4df002a89acebbf9085218a41e1e1a81
- SSDEEP: 24576:fAHnh+eWsN3skA4RV1Hom2KXMmHanbuQ5:Ch+ZkldoPK8YanZ
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: lista de cotizaciones.xlam.exe; Resource: win7-20240611-en)
- Behavioral task: behavioral2 (Sample: lista de cotizaciones.xlam.exe; Resource: win10v2004-20240226-en)
Malware Config
- Extracted family: snakekeylogger
- C2 (Telegram Bot API): https://api.telegram.org/bot5581840526:AAE1o2MXOklfCJKspnGyHbkaYvwtJlJ8h3M/sendMessage?chat_id=5063375086
Targets
- Target: lista de cotizaciones.xlam.exe
- Score: 10/10
Signatures
- Snake Keylogger payload
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext